package com.bjsxt.ssm;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.collections.CollectionUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import com.bjsxt.ssm.bean.TbResRo;
import com.bjsxt.ssm.bean.TbResource;
import com.bjsxt.ssm.bean.TbRole;
import com.bjsxt.ssm.bean.TbUser;
import com.bjsxt.ssm.bean.TbUserRole;
import com.bjsxt.ssm.service.TbResRoService;
import com.bjsxt.ssm.service.TbResourceService;
import com.bjsxt.ssm.service.TbRoleService;
import com.bjsxt.ssm.service.TbUserRoleService;
import com.bjsxt.ssm.service.TbUserService;

public class SimpleInterceptor implements HandlerInterceptor {

	@Autowired
	private TbRoleService tbRoleService;

	@Autowired
	private TbUserRoleService tbUserRoleService;

	@Autowired
	private TbResourceService tbResourceService;

	@Autowired
	private TbResRoService tbResRoService;

	@Override
	public void afterCompletion(HttpServletRequest arg0,
			HttpServletResponse arg1, Object arg2, Exception arg3)
			throws Exception {
		// TODO Auto-generated method stub

	}

	@Override
	public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
			Object arg2, ModelAndView arg3) throws Exception {
		// TODO Auto-generated method stub

	}

	@Override
	public boolean preHandle(HttpServletRequest request,
			HttpServletResponse response, Object handler) throws Exception {

		HttpSession session = request.getSession();
		Object sessionObject = session.getAttribute(Constant.SESSION_KEY);

		/** session为空 说明未登录 */
		if (null == sessionObject) {
			response.sendRedirect("/login.do");
			return true;
		}
		TbUser sessionUser = (TbUser) sessionObject;
		int userId = sessionUser.getUserId();

		List<TbUserRole> tbUserRole = tbUserRoleService
				.selectTbRoleByUserId(userId);

		Set<String> resourceUris = new HashSet<String>();
		if (CollectionUtils.isNotEmpty(tbUserRole)) {
			for (int i = 0; i < tbUserRole.size(); i++) {
				TbUserRole userRole = tbUserRole.get(i);
				List<TbResRo> tbResRo = tbResRoService.selectTbResById(userRole
						.getRoleId());
				if (CollectionUtils.isNotEmpty(tbResRo)) {
					for (int n = 0; n < tbResRo.size(); n++) {
						TbResRo resRo = tbResRo.get(n);
						TbResource resource = tbResourceService
								.selectTbResource(resRo.getResourceId());
						if (null != resource) {
							resourceUris.add(resource.getResourceUrl());
						}
					}
				}
			}

		}

		if (CollectionUtils.isEmpty(resourceUris)) {
			response.sendRedirect("/noAuthority.do");
		}
		/** 当前请求的路径 */
		String uri = request.getRequestURI();
		if (!resourceUris.contains(uri)) {
			response.sendRedirect("/noAuthority.do");
		}
		return true;
	}

}
